SUPi

Legal

Privacy Policy

How we collect, use, and protect your personal data.

Last updated: February 10, 2026

1. Controller

The data controller for supi.ai is Welf GmbH, registered in Germany. For all data protection enquiries, please contact us at privacy@supi.ai.

2. Data We Collect

We may collect the following categories of personal data:

  • Contact information — name, email address, phone number, company name, and job title when you fill out a form, request a demo, or contact us.
  • Usage data — IP address, browser type, operating system, referring URLs, pages visited, and interaction timestamps, collected automatically via server logs and analytics.
  • Cookie data — identifiers stored on your device for analytics and functionality purposes. See our Cookie Policy for details.
  • Communication data — the content of emails, support tickets, or messages you send us.

3. Legal Basis for Processing

We process your data on the following legal bases under the GDPR (Regulation (EU) 2016/679):

  • Consent (Art. 6(1)(a)) — for optional analytics cookies and marketing communications.
  • Contractual necessity (Art. 6(1)(b)) — to provide our services and respond to your enquiries.
  • Legitimate interest (Art. 6(1)(f)) — for website security, fraud prevention, and improving our services.
  • Legal obligation (Art. 6(1)(c)) — to comply with applicable laws, such as tax and accounting requirements.

4. How We Use Your Data

  • To provide, maintain, and improve our platform and services
  • To respond to your enquiries and demo requests
  • To send you relevant updates (only with your consent)
  • To analyse website usage and improve user experience
  • To ensure security and prevent fraud
  • To comply with legal obligations

5. Data Sharing

We do not sell your personal data. We may share data with the following categories of recipients:

  • Service providers — hosting, analytics, and email delivery services that process data on our behalf under data processing agreements.
  • Legal authorities — when required by law or to protect our legal rights.

When data is transferred outside the EEA, we ensure appropriate safeguards are in place (e.g. EU Standard Contractual Clauses).

6. Data Retention

We retain personal data only as long as necessary for the purposes described above, or as required by law. Contact data from demo requests is retained for up to 24 months after your last interaction with us. Analytics data is anonymised or deleted after 14 months.

7. Your Rights

Under the GDPR, you have the right to:

  • Access — request a copy of the data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your data (“right to be forgotten”)
  • Restriction — restrict how we process your data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at privacy@supi.ai. You also have the right to lodge a complaint with your local data protection authority.

8. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), access controls, and regular security assessments.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via our website. The “Last updated” date at the top indicates the most recent revision.

10. Contact

If you have questions about this Privacy Policy or our data practices, contact us at:

Welf GmbH
Email: privacy@supi.ai
Website: supi.ai